The non-profit behavioral health service provider in Clearwater, FL Directions for Living encountered a ransomware attack on July 17, 2021.
When Directions for Living discovered the attack, it notified law enforcement and called in third-party computer forensics specialists to investigate the extent of the cyberattack and help with the work of remediation. The investigation ended on August 30, 2021.
An analysis of the servers, which the attackers possibly accessed, confirmed they stored personal data and protected health information (PHI) of present and past clients, such as names, Social Security numbers, addresses, birth dates, diagnostic codes, claims data, insurance details, names of healthcare providers, date of service, and some health data. Directions for Living stated the attack did not affect its electronic medical record system and cannot be viewed by the hackers. Moreover, clients’ financial data was not kept on the impacted servers. Although unauthorized individuals may have accessed personal data and PHI, Directions for Living claimed there is no evidence that suggests any actual or attempted data misuse.
Directions for Living is known to be a proud and respected resource for people looking for a welcoming and caring behavioral health services provider for almost 40 years. It takes its role and dedication to the people it serves very seriously. Privacy is a top priority at all times, and it is working hard to respond suitably and continue to make sure that its clients are protected, and all information is secure.
The process of informing impacted persons began on August 30, following the conditions of the HIPAA Breach Notification Rule. Impacted persons were instructed to be wary and to monitor their credit reports, account statements, and explanation of benefits statements for indications of falsified activity. Those whose Social Security numbers were compromised have been provided free credit monitoring and identity theft monitoring services for one year.
Directions for Living submitted the breach report to the Department of Health and Human Services’ Office for Civil Rights indicating that the PHI of 19,494 persons was kept on the impacted servers.